Logstash服务器配置问题

时间:2014-12-08 09:35:17

标签: logging logstash

我目前正在使用logstash和kibana构建集中式日志记录设置。我已成功安装服务器,但目前遇到以下问题。

我所有的配置似乎都很好,

root@centralizedlogging-421413:/opt/logstash/bin# ./logstash --configtest -f    /etc/logstash/conf.d/01-lumberjack-input.conf
Using milestone 1 input plugin 'lumberjack'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn}
Configuration OK
root@centralizedlogging-421413:/opt/logstash/bin# ./logstash --configtest -f /etc/logstash/conf.d/10-syslog.conf
Using milestone 1 filter plugin 'syslog_pri'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn}
Configuration OK
root@centralizedlogging-421413:/opt/logstash/bin# ./logstash --configtest -f /etc/logstash/conf.d/30-lumberjack-output.conf
Configuration OK

但是我的logstash.log仍然给出了以下错误,

  

{:timestamp =>“2014-12-08T09:25:43.250000 + 0000”,:message =>“错误:#29,第1列(字节734)中的#,输入,过滤,输出之一)之后“}   {:timestamp =>“2014-12-08T09:25:43.260000 + 0000”,:message =>“您可能感兴趣的是'--configtest'标志,您可以在选择之前验证logstash的配置\ n重新启动正在运行的系统。“}

我不确定触发此错误的位置。

以下是输入文件

01-lumberjack-input.conf
input {
  lumberjack {
    port => 5000
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

10-syslog.conf
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

30-lumberjack-output.conf
output {
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}

任何帮助将不胜感激。

1 个答案:

答案 0 :(得分:1)

我解决了这个问题。这是一个权限问题,因为没有正确读取ssl键。因此,我将文件(证书和密钥)移动到/ etc / ssl文件夹,并且还发出了对文件的666访问权限。

在此之后,我重新启动了服务,现在没有错误。

感谢大家的回复。我只能通过这些回复调试问题。

谢谢, KARTHIK

相关问题
最新问题